package com.nimbusds.oauth2.sdk.auth;


import net.jcip.annotations.Immutable;

import com.nimbusds.oauth2.sdk.id.Identifier;


/**
 * Client authentication method at the Token endpoint.
 *
 * <p>Constants are provided for the following client authentication
 * methods:
 *
 * <ul>
 *     <li>{@link #CLIENT_SECRET_BASIC} (default)
 *     <li>{@link #CLIENT_SECRET_POST}
 *     <li>{@link #CLIENT_SECRET_JWT}
 *     <li>{@link #PRIVATE_KEY_JWT}
 *     <li>{@link #NONE}
 * </ul>
 *
 * <p>Use the constructor to define a custom client authentication method.
 *
 * <p>Note that {@link #parse} accepts any value, not only the constants
 * above. Code that reads a method name from client registration metadata
 * or from configuration must check the parsed result against the set of
 * methods it actually supports.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OAuth 2.0 (RFC 6749), section 2.3.
 *     <li>OAuth 2.0 Dynamic Client Registration Protocol
 *         (draft-ietf-oauth-dyn-reg-14), section 2.
 * </ul>
 */
@Immutable
public final class ClientAuthenticationMethod extends Identifier {


	/**
	 * Clients that have received a client secret from the authorisation
	 * server authenticate with the authorisation server in accordance with
	 * section 3.2.1 of OAuth 2.0 using HTTP Basic authentication. This is
	 * the default if no method has been registered for the client.
	 */
	public static final ClientAuthenticationMethod CLIENT_SECRET_BASIC =
		new ClientAuthenticationMethod("client_secret_basic");


	/**
	 * Clients that have received a client secret from the authorisation
	 * server authenticate with the authorisation server in accordance with
	 * section 3.2.1 of OAuth 2.0 by including the client credentials in
	 * the request body.
	 *
	 * <p>RFC 6749, section 2.3.1, does not recommend sending the client
	 * credentials in the request body and limits it to clients that
	 * cannot use HTTP Basic authentication.
	 */
	public static final ClientAuthenticationMethod CLIENT_SECRET_POST =
		new ClientAuthenticationMethod("client_secret_post");


	/**
	 * Clients that have received a client secret from the authorisation
	 * server, create a JWT using an HMAC SHA algorithm, such as HMAC
	 * SHA-256. The HMAC (Hash-based Message Authentication Code) is
	 * calculated using the value of client secret as the shared key. The
	 * client authenticates in accordance with section 2.2 of (JWT) Bearer
	 * Token Profiles and OAuth 2.0 Assertion Profile.
	 */
	public static final ClientAuthenticationMethod CLIENT_SECRET_JWT =
		new ClientAuthenticationMethod("client_secret_jwt");


	/**
	 * Clients that have registered a public key sign a JWT using the RSA
	 * algorithm if a RSA key was registered or the ECDSA algorithm if an
	 * Elliptic Curve key was registered (see JWA for the algorithm
	 * identifiers). The client authenticates in accordance with section
	 * 2.2 of (JWT) Bearer Token Profiles and OAuth 2.0 Assertion Profile.
	 */
	public static final ClientAuthenticationMethod PRIVATE_KEY_JWT =
		new ClientAuthenticationMethod("private_key_jwt");


	/**
	 * The client is a public client as defined in OAuth 2.0 and does not
	 * have a client secret.
	 *
	 * <p>No client credential is presented with this method, so a server
	 * should honour it only for clients that were registered as public.
	 */
	public static final ClientAuthenticationMethod NONE =
		new ClientAuthenticationMethod("none");


	/**
	 * Gets the default client authentication method, which applies when
	 * no method has been registered for the client.
	 *
	 * @return {@link #CLIENT_SECRET_BASIC}
	 */
	public static ClientAuthenticationMethod getDefault() {

		return CLIENT_SECRET_BASIC;
	}


	/**
	 * Creates a new client authentication method with the specified value.
	 *
	 * @param value The authentication method value. Must not be
	 *              {@code null} or empty string.
	 */
	public ClientAuthenticationMethod(final String value) {

		// NOTE(review): the null / empty check is presumably enforced by
		// the Identifier super constructor; confirm there.
		super(value);
	}


	/**
	 * Parses a client authentication method from the specified value.
	 *
	 * <p>The value is matched exactly (case-sensitive) against the values
	 * of the predefined constants, and the matching constant is returned.
	 * A value that matches none of them is not rejected: it is wrapped in
	 * a new custom method instance. Callers must therefore check the
	 * result against the methods they support before relying on it.
	 *
	 * @param value The authentication method value. Must not be
	 *              {@code null} or empty string. A {@code null} value
	 *              causes a {@code NullPointerException} on the first
	 *              comparison.
	 *
	 * @return The client authentication method.
	 */
	public static ClientAuthenticationMethod parse(final String value) {

		if (value.equals(CLIENT_SECRET_BASIC.getValue())) {
			return CLIENT_SECRET_BASIC;
		}

		if (value.equals(CLIENT_SECRET_POST.getValue())) {
			return CLIENT_SECRET_POST;
		}

		if (value.equals(CLIENT_SECRET_JWT.getValue())) {
			return CLIENT_SECRET_JWT;
		}

		if (value.equals(PRIVATE_KEY_JWT.getValue())) {
			return PRIVATE_KEY_JWT;
		}

		if (value.equals(NONE.getValue())) {
			return NONE;
		}

		// Not one of the predefined methods: hand back a custom method
		// carrying the caller's value as given.
		return new ClientAuthenticationMethod(value);
	}


	/**
	 * Compares this method with another object. Two client authentication
	 * methods are equal when their string representations are equal; the
	 * comparison is case-sensitive.
	 *
	 * @param object The object to compare with, may be {@code null}.
	 *
	 * @return {@code true} if the object is a client authentication
	 *         method with the same string representation, else
	 *         {@code false}.
	 */
	@Override
	public boolean equals(final Object object) {

		// instanceof is false for null, so no separate null check is needed.
		if (!(object instanceof ClientAuthenticationMethod)) {
			return false;
		}

		// NOTE(review): hashCode is not overridden in this class; confirm
		// that the inherited one is derived from the same string.
		return toString().equals(object.toString());
	}
}